From: "Mike Maltese"
To: "freebsd-questions@FreeBSD.ORG"
Cc: Dan Nelson
Date: Wed, 26 Nov 2003 10:40:48 -0800
Subject: Re: IPFILTER rules with shell symbolic substitution

> /etc/rc.firewall has lots of examples using ipfw; the concepts should
> work just as well with ipf.

I'm not sure that's true. /etc/rc.firewall is a shell script; an IP Filter ruleset isn't. From the documentation and my own use of it, IP Filter doesn't support variable substitution. If you're running 5.x, you can run the pf port, which does support variables and some other neat expansion capabilities that can really condense and simplify your ruleset.
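
Because an IP Filter ruleset is not a shell script, one way to get substitution anyway is to let the shell expand the variables and print plain ipf rules. The following is an added example, not part of the original message; the interface name, addresses, ports and function names are assumed values chosen for illustration.

```shell
#!/bin/sh
# Added example: ipf has no variables, so the shell expands them and
# emits plain rules. All values below are constructed for illustration.

EXT_IF="fxp0"                 # assumed external interface name
SERVER_IP="192.0.2.10"        # documentation address (RFC 5737)
TCP_PORTS="22 80 443"         # inbound services to allow
BOGONS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

# Accept only letters, digits, '.' and '/', so a variable cannot
# smuggle extra rule text or shell syntax into the generated ruleset.
valid_token() {
    case "$1" in
        ""|*[!A-Za-z0-9./]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Runs in a subshell so 'set -f' (no globbing) stays local to it.
gen_ipf_rules() (
    set -f
    for v in "$EXT_IF" "$SERVER_IP" $TCP_PORTS $BOGONS; do
        valid_token "$v" || { echo "bad value: $v" >&2; exit 1; }
    done
    # Drop private source addresses arriving on the external interface.
    for net in $BOGONS; do
        echo "block in log quick on $EXT_IF from $net to any"
    done
    # One stateful pass rule per allowed service.
    for port in $TCP_PORTS; do
        echo "pass in quick on $EXT_IF proto tcp from any to $SERVER_IP/32 port = $port flags S keep state"
    done
    # Everything not matched by a 'quick' rule above is blocked.
    echo "block in log on $EXT_IF all"
)

# Review the expanded rules, then load them on the firewall host with:
#   gen_ipf_rules | ipf -Fa -f -
# (ipf reads rules from stdin when the file name is "-")
```

Validating each value before expansion matters here: the generated text is loaded straight into the packet filter, so an unchecked variable could change the policy.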